CVE-2008-5987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5987): Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
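Added example (not part of this bug report and not the eog patch): the Python C API documentation states that when `argv[0]` does not name an existing script, `PySys_SetArgv` prepends an empty string to `sys.path`, which makes imports search the current working directory. The sketch below audits a `sys.path`-style list for such entries in an embedding application; the function names and the sample paths are hypothetical and constructed for illustration.

```python
import os


def untrusted_entries(path_list, cwd):
    """Return (index, entry, reason) for entries that make imports depend on cwd."""
    findings = []
    cwd_real = os.path.realpath(cwd)
    for index, entry in enumerate(path_list):
        if entry == "":
            # The entry PySys_SetArgv prepends when argv[0] is not a script path.
            findings.append((index, entry, "empty string: searches the working directory"))
        elif not os.path.isabs(entry):
            findings.append((index, entry, "relative path: resolved against the working directory"))
        elif os.path.realpath(entry) == cwd_real:
            findings.append((index, entry, "absolute path equal to the working directory"))
    return findings


def sanitized(path_list, cwd):
    """Return a copy of path_list without the entries flagged above, order preserved."""
    flagged = {index for index, _, _ in untrusted_entries(path_list, cwd)}
    return [entry for index, entry in enumerate(path_list) if index not in flagged]


# Constructed sample: a search path as an embedded interpreter might see it
# after being started from a directory that other users can write to.
SAMPLE_CWD = "/home/user/Downloads"
SAMPLE_PATH = [
    "",
    "/usr/lib/python2.5",
    "plugins",
    "/home/user/Downloads",
    "/usr/lib/python2.5/site-packages",
]

if __name__ == "__main__":
    for index, entry, reason in untrusted_entries(SAMPLE_PATH, SAMPLE_CWD):
        print("sys.path[%d] = %r -> %s" % (index, entry, reason))
    print("sanitized:", sanitized(SAMPLE_PATH, SAMPLE_CWD))
```

In a live process the same check can be run as `untrusted_entries(sys.path, os.getcwd())` right after the interpreter is initialised.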
2.22.3-r3 is in the tree.
Arches, please test and mark stable:
=media-gfx/eog-2.22.3-r3
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64/x86 stable
alpha/ia64/sparc stable; can't do arm since it needs gnome-2.22 stable
Stable for HPPA.
ppc64 done
ppc done
GLSA filed.
GLSA 200904-06